DETAILED ACTION 

1. This is in response to the communications filed on 13 December 2007. 

2. Claims 1-26 are pending in the application. 

3. Claims 1-26 have been allowed. 

Information Disclosure Statement 

4. The examiner has considered the information disclosure statement (IDS) filed on 11 
December 2007 and 13 December 2007. 

Allowable Subject Matter 

5. Claims 1-26 are allowed. 

The following is an examiner's statement of reasons for allowance: 
The current application is directed towards a method of providing a certificate from a 
client to a server. The method comprises receiving a request for a certificate from the 
server and forwarding the request to a biometric certification server (BCS). The method further 
includes receiving a biometric identification from the client and forwarding the biometric 
identification to the BCS. If the biometric identification matches a registered user on the BCS, 
receiving a certificate including a public key of the client certified by the BCS, and forwarding 
the certificate to the server, thereby identifying the client to the server. 

The closest prior art to the current application is the combination of Hoffman et al U.S. 
Patent No. 6,012,039 (hereinafter Hoffman) and Ganesan U.S. Patent No. 5,535,276 (hereinafter 
Ganesan). Hoffman is directed towards a tokenless authorization of a reward transaction 
between an issuer and a recipient using an electronic identicator and at least one recipient bid 
biometric sample, the method comprising the following steps. In a recipient registration step, 
a recipient registers with an electronic identicator at least one registration biometric 
sample. In an issuer registration step, the issuer registers identification data with the 
electronic identicator. During a transaction formation step, wherein an electronic reward 
transaction is formed between the issuer and the recipient, comprising issuer bid identification 
data, transaction data, and at least one recipient bid biometric sample, the bid biometric sample is 
obtained from the issuer's person. In at least one transmission step, the issuer bid identification 
data, the transaction data, and recipient bid biometric sample are electronically forwarded to the 
electronic identicator. In a recipient identification step, the electronic identicator compares the 
bid biometric sample with at least one registered biometric sample for producing either a 
successful or failed identification of the recipient. In an issuer identification step, the electronic 
identicator compares the issuer's bid identification data with an issuer's registered identification 
data for producing either a successful or failed identification of the issuer. Thereby, upon 
successful identification of the recipient and issuer, a reward transaction is authorized for debit 
or credit settlement of reward units from the recipient's rewards account, without the recipient 
presenting any personalized man-made tokens such as smartcards or magnetic swipe cards. 
Ganesan is directed towards a system, such as a system utilizing a Kerberos protocol, in which 
system users each have an associated asymmetric crypto-key. The security of communications over the 
system is enhanced by a first user generating a temporary asymmetric crypto-key having a first 
temporary key portion and an associated second temporary key portion. The second temporary 
key portion is encrypted by the first user with the first private key portion of the first user crypto- 
key to form a first encrypted message. Another user, preferably an authentication server, applies 
the second private key portion and the public key portion of the first user crypto-key to the first 
encrypted message to decrypt the second temporary key portion and thereby authenticate the first 
user to the security server. The authentication server then encrypts the first encrypted message 
with the second private key portion of the first user crypto-key to form a second encrypted 
message. The first user next applies the public key portion of the first user crypto-key to decrypt 
the second encrypted message and obtain the second temporary key portion, thereby 
authenticating the security server to the first user. 

Hoffman describes a reward authorization system between an issuer and a recipient, 
in which recipient biometric data is utilized (Hoffman, Abstract). A server stores pre- 
verified recipient biometric data (Hoffman, column 6, line 66 to column 7, line 8). When a 
recipient makes a bid for a reward, they provide a sample of biometric data, and both the 
bid and the associated biometric data are transmitted to the server. The server then verifies 
a match between the submitted biometric data and the sample biometric data (Hoffman, column 
10, lines 1-21). Ganesan describes a system of providing a secure communication 
connection (Ganesan, Abstract; column 8, lines 9-43). The connection is secured when a 
first user generates a temporary key pair, on the user's computer, to encrypt a message and 
exchange the pair and message with a server (Ganesan, column 8, lines 20-25). This 
method allows another user to then further encrypt a message when the user generates their 
own temporary key pair to identify each other through the server. Thus, in each case, the 
temporary key pairs are generated by a communication initiator, and in response to initiating 
a communication (See Ganesan, column 8, lines 40-44; column 9, lines 17-54). 

With respect to independent claim 1, a server generates a disposable public 
key/private key pair after user authentication, such that the user is not required to create the 
disposable key pair. Neither Hoffman nor Ganesan, alone or in combination, teaches or 
suggests "the BCS generating a disposable public key/private key pair if the user is authenticated 
based on the biometric data." Hoffman merely describes receiving a biometric sample, 
attempting to match the biometric sample to biometric data already stored in a database, 
and sending a message as to whether the authentication was successful (Hoffman, column 
10, lines 1-32). Thus, Hoffman merely performs a database search in response to 
receiving a recipient's biometric data sample, but fails to teach or suggest performing any 
cryptographic services after a user is authenticated based on biometric data. Therefore, Hoffman 
must fail to teach or suggest "the BCS generating a disposable public key/private key pair if the 
user is authenticated based on the biometric data." Furthermore, as discussed above, temporary 
key pairs are generated in Ganesan by communication initiators. There is no discussion within 
Ganesan that a server generates a disposable public key/private key pair after user authentication. 
Therefore, Ganesan also fails to teach or suggest performing any cryptographic services after a 
user is authenticated based on biometric data, and thus fails to teach or suggest "the BCS 
generating a disposable public key/private key pair if the user is authenticated based on the 
biometric data." 

With respect to independent claims 10 and 24, the closest prior art was Matsumoto et al 
US 2001/0034836 A1 (hereinafter Matsumoto). Matsumoto is directed towards an 
authentication system 10 that includes an authentication station 20 having a 
directory server 24 and a biometrics collation server 30 capable of collating biometrics data 
based on the biological features of a user, and a user terminal 60 connected to the authentication 
station 20 via a network 12. The biometrics data is transmitted from the user terminal 60. In the 
authentication station 20, the biometrics collation server 30 collates biometrics data transmitted 
from a user with biometrics data registered in advance. The authentication station 20 can check 
validity of a digital certificate 66 by the directory server 24 and collates the biometrics data, 
thereby allowing personal authentication. However, the Matsumoto reference does not qualify as 
prior art. Matsumoto was filed on January 30, 2001 and relates back to a provisional application 
filed on January 31, 2000. The provisional application is in Japanese. The applicants have 
submitted a declaration and associated exhibits as proof that claims in the current application 
were invented prior to the earliest filing date of Matsumoto. 

With respect to independent claim 13, the closest prior art is Hoffman in view of 
Jakobsson U.S. Patent No. 6,587,946 B1 (hereinafter Jakobsson). Jakobsson is directed towards 
a method of forwarding an encrypted message sent to a primary recipient having a secret key to 
at least one secondary recipient comprising the steps of sharing portions of the secret key among 
a predetermined threshold number of proxy servers greater than one, upon receipt of an 
encrypted message by the predetermined threshold number of proxy servers, each of the 
predetermined threshold number of proxy servers modifying the message by applying the key 
portion to the encrypted message, the result of the modification comprising a message secret to 
the predetermined threshold number of proxy servers but decryptable by at least one secondary 
recipient, and forwarding the resultant message to at least one secondary recipient. This method 
and system for quorum controlled asymmetric proxy encryption has uses ranging from efficient 
key distribution for pay-tv, to methods for distributively maintaining databases. The scheme, 
which can use either an ElGamal, or an ElGamal encryption based on Elliptic Curves or an 
ElGamal related encryption algorithm, leaks no information as long as there is no dishonest 
quorum of proxy servers. As discussed above, Hoffman describes a method that utilizes a 
biometric sample to authenticate a user in a transaction. A biometric data sample is 
transmitted to a system which attempts to locate or verify a match to an existing biometric 
sample (Hoffman, column 9, line 44 to column 10, line 32). However, Hoffman merely 
matches a biometric data sample with pre-stored samples, and fails to teach or 
suggest performing any cryptographic services after a user is authenticated based on 
biometric data. Jakobsson describes a system for providing an encrypted message to a 
second recipient when the primary recipient is unavailable (Jakobsson, Column 3, lines 9- 
15; Column 5, lines 1-47). In the system, portions of the primary recipient's private 
encryption key are shared among a quorum of proxy servers (Jakobsson, Column 3, lines 
37-41; Column 7, lines 25-28). Each of the proxy servers modifies the message so that it 
can be delivered to a secondary recipient such that the secondary recipient can decipher the 
message (Jakobsson, Abstract). However, Jakobsson fails to discuss the use of biometric data 
in the messaging system. The current application claims a crypto-server having a crypto- 
proxy interface that receives requests for cryptographic functions, receives biometric data, 
and returns data to a client after the cryptographic function has been performed. Further, 
the cryptographic function is performed after a user has been authenticated by an 
authentication engine of the crypto-server. As discussed above, Hoffman fails to teach or 
suggest performing any cryptographic functions after a user has been authenticated based 
on biometric data. Furthermore, as discussed above, the messaging system described in 
Jakobsson fails to teach or suggest the use of biometric data in the messaging process or the 
messaging proxy servers. Thus, Jakobsson also fails to teach or suggest a crypto-server for 
receiving requests, receiving biometric data, and returning data after the requested 
cryptographic function is performed and the user is authenticated. Therefore, neither 
Hoffman nor Jakobsson teaches or suggests a crypto-server having a crypto-proxy 
interface that receives requests for cryptographic functions, receives biometric data, and 
returns data to a client after the cryptographic function has been performed and the 
biometric data of the user has been authenticated. 

With respect to independent claim 22, the current application claims "the remote crypto- 
server to generate a disposable public key/private key pair and perform the requested cryptographic 
function when the user is successfully authenticated using the biometric data." Similar to the 
discussion above, neither Hoffman nor Ganesan describe or suggest a remote crypto-server to 
generate a public key/private key pair when a user is authenticated using biometric data. 

With respect to independent claim 23, the current application claims a crypto server that 
generates a disposable public key/private key pair and performs a cryptographic function, where 
the crypto server further authenticates a user based on biometric data. For reasons similar 
to the discussion above, neither Hoffman nor Ganesan describe or suggest the crypto 
server to generate a disposable public key/private key pair as claimed in claim 23. 

Any claims not directly addressed are allowed by virtue of their dependency. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 
Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Aravind K Moorthy/ 
Examiner, Art Unit 2131 



/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 



